Lucene search
+L

90 matches found

Veeam
Veeam
added 2025/02/24 12:0 a.m.24 views

Release Information for Proxmox Virtual Environment Plug-In v12.1.3.217

Update: 2025-03-19 Consider the following regarding the Proxmox Virtual Environment Plug-In: The Plug-in build on this page, 12.1.3.217, is included automatically when upgrading to or installing Veeam Backup & Replication 12.3.1. The Plug-in only needs to be manually deployed by customers still...

6.6AI score
Exploits0Affected Software2
0day.today
0day.today
added 2025/02/22 12:0 a.m.499 views

RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit

RaspberryMatic / OCCU contains a unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...

10CVSS8.4AI score0.08739EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/05 3:18 p.m.18 views

CVE-2020-10882

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on...

8.8CVSS7AI score0.44711EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:10 a.m.8 views

CVE-2024-10082

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

8.7CVSS7AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 7:56 a.m.16 views

CVE-2024-43648 Authenticated command injection via <redacted>.exe <redacted> parameter

Command injection in the parameter of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an...

9.3CVSS0.01821EPSS
Exploits0References3
CVE
CVE
added 2025/01/09 7:56 a.m.48 views

CVE-2024-43648

CVE-2024-43648 affects Iocharger firmware for AC models before version 24120701. The issue is a command injection in the parameter of a .exe request, which results in remote code execution as the root user. This grants full control over the charging station, enabling arbitrary file/service addit...

9.3CVSS8.7AI score0.01821EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.10 views

ABB AC500 安全漏洞

ABB AC500 is a programmable logic controller PLC from ABB Switzerland. A security vulnerability exists in ABB AC500 V3 prior to version 3.8.0, which stems from a directory traversal vulnerability that could allow an authenticated attacker to inject arbitrary commands into a specially crafted file...

7.3CVSS6.8AI score0.00335EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-49924)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49924 advisory. - In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after fre...

7.8CVSS6.2AI score0.00249EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.7 views

The vulnerability of the backup function of the Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center) allows a perpetrator to execute arbitrary commands on the basic operating system.

The vulnerability of the cluster backup function of the Cisco Secure Firewall Management Center formerly known as Cisco Firepower Management Center exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to...

8.5CVSS5.9AI score0.00509EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/07/25 9:44 p.m.38 views

CVE-2024-24621 Softaculous Webuzo Authentication Bypass

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...

10CVSS0.01157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/27 12:6 a.m.18 views

CVE-2024-2859 By default, SANnav OVA is shipped with root user login enabled (CVE-2024-2859)

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account...

6.8CVSS6.7AI score0.00848EPSS
Exploits0References2
NVD
NVD
added 2024/03/29 4:15 p.m.24 views

CVE-2024-30247

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with...

10CVSS9.9AI score0.02122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.9 views

PT-2024-23294 · Unknown · Nextcloudpi

Name of the Vulnerable Software and Affected Versions: NextcloudPi versions prior to 1.53.1 Description: A command injection issue in NextcloudPi allows command execution as the root user via the NextcloudPi web-panel. This can be exploited by anyone with access to the web-panel, as no...

10CVSS7.2AI score0.02122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.7 views

PT-2024-20359 · Totolink · Totolink A8000Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A8000RU version 7.1cu.643 B20200521 Description: The issue is related to a hardcoded password for the root user stored in the /etc/shadow file. This could potentially allow unauthorized access to the system. Recommendations: For...

9.8CVSS9.2AI score0.00659EPSS
Exploits1References5
OSV
OSV
added 2024/01/10 11:15 a.m.8 views

CVE-2023-48245

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

9.8CVSS5.9AI score0.00634EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/11/08 8:24 a.m.7 views

insights-client: unsafe handling of temporary files and directories

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...

7.8CVSS6AI score0.00257EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/19 1:40 a.m.28 views

CVE-2023-20007

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly,...

4.7CVSS7.5AI score0.00675EPSS
Exploits0References1
Prion
Prion
added 2022/07/12 10:15 a.m.15 views

Command injection

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions 2.15.1, RUGGEDCOM ROX MX5000RE All versions 2.15.1, RUGGEDCOM ROX RX1400 All versions 2.15.1, RUGGEDCOM ROX RX1500 All versions 2.15.1, RUGGEDCOM ROX RX1501 All versions 2.15.1, RUGGEDCOM ROX RX1510 All versions 2.15.1,...

10CVSS7.1AI score0.01595EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2022/06/03 5:19 a.m.34 views

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

9.1AI score0.02091EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2022/03/26 9:39 p.m.267 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Fantec Mwid25-Ds_Firmware

PoC exploit for CVE-2022-28113, an unauthenticated remote code e...

9CVSS8AI score0.03652EPSS
Exploits2
Rows per page
Query Builder